General

Target: Wezwanie Komornicze PDF.zip (Polish lure name; "wezwanie komornicze" means "bailiff's summons")
Size: 269KB
Sample: 220119-jhwmxsgabq
MD5: 3782c546ed49df842582bef529211e6d
SHA1: a845e340b1d98f5477886d1c92b62ba6a03dad19
SHA256: e0d8a28d8cb75dcf78bfc4ddecbdbf89a837e133ec9913959e4dfd84d34fad24
SHA512: df8bb7505a33a45ee4676072d3ab4272d26117325c7d6b4642db301b9a896bdb823597e32c5d6e33460e68e94851804ed3f94dbeab4fabfa4fb775c223c0d68f
Static task: static1
Behavioral task: behavioral1
Sample: Wezwanie Komornicze PDF.scr (extracted from the zip)
Resource: win7-en-20211208
Malware Config

Extracted family: asyncrat
Version: 0.5.7B
Botnet (group): Default
C2: ssonn.v6.rocks:7707, sson.dnsup.net:7707
Mutex: PLPL
Attributes:
  anti_vm: false
  bsod: false
  delay: 3
  install: false
  install_folder: %AppData%
  pastebin_config: null
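The two C2 entries above convert directly into network detections. The Python below is an added example written for this report, not code from the sandbox or from AsyncRAT: it reuses the extracted host:port list, runs it over constructed Zeek-style dns.log and conn.log excerpts (not the sandbox's own capture), and emits Suricata dns.query rules. The SIDs are placeholders assumed to be free in your ruleset.

```python
"""Turn the extracted AsyncRAT C2 list into network detections and run them over sample logs.

Added example for this report, not code from the sandbox or from AsyncRAT. The C2 entries are
copied from the config above; the log lines are constructed, not captured from the run."""
from dataclasses import dataclass, field

# C2 endpoints exactly as the extractor reported them (host:port).
ASYNCRAT_C2 = ["ssonn.v6.rocks:7707", "sson.dnsup.net:7707"]


@dataclass
class C2Set:
    hosts: set = field(default_factory=set)   # lower-case, no trailing dot
    ports: set = field(default_factory=set)


def parse_c2(entries):
    """Split host:port strings; reject anything that is not host + numeric port."""
    c2 = C2Set()
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError(f"unexpected C2 entry: {entry!r}")
        c2.hosts.add(host.lower().rstrip("."))
        c2.ports.add(int(port))
    return c2


def domain_matches(qname, hosts):
    """Exact or subdomain match, case-insensitive, tolerant of a trailing dot."""
    q = qname.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in hosts)


# Zeek-style tab-separated dns.log and conn.log excerpts (constructed sample data):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, query, qtype_name
DNS_LOG = (
    "1642600000.1\tCabc1\t10.0.0.5\t51000\t10.0.0.1\t53\tudp\tssonn.v6.rocks\tA\n"
    "1642600001.2\tCabc2\t10.0.0.5\t51001\t10.0.0.1\t53\tudp\twww.example.com\tA\n"
    "1642600002.3\tCabc3\t10.0.0.5\t51002\t10.0.0.1\t53\tudp\tSSON.DNSUP.NET.\tA\n"
)
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = (
    "1642600003.0\tCdef1\t10.0.0.5\t51003\t203.0.113.10\t7707\ttcp\n"
    "1642600004.0\tCdef2\t10.0.0.5\t51004\t203.0.113.20\t443\ttcp\n"
)


def scan_dns(log, c2):
    """Return (uid, query) for every lookup of a C2 host; a strong indicator."""
    hits = []
    for line in log.splitlines():
        f = line.split("\t")
        if len(f) >= 8 and domain_matches(f[7], c2.hosts):
            hits.append((f[1], f[7]))
    return hits


def scan_conn(log, c2):
    """Return (uid, resp_h, resp_p) for connections to a C2 port.

    7707 is one of the AsyncRAT builder's default ports, but port alone is a weak
    indicator: treat a hit here as a pivot, not a verdict, unless the same host also
    resolved a C2 name or the ET 'Malicious SSL Cert' rule fired on the session."""
    hits = []
    for line in log.splitlines():
        f = line.split("\t")
        if len(f) >= 6 and f[5].isdigit() and int(f[5]) in c2.ports:
            hits.append((f[1], f[4], int(f[5])))
    return hits


def suricata_dns_rules(c2, base_sid=9000001):
    """One Suricata 'dns.query' rule per C2 host. SIDs are placeholders (assumed unused)."""
    rules = []
    for i, host in enumerate(sorted(c2.hosts)):
        rules.append(
            f'alert dns any any -> any any (msg:"AsyncRAT C2 lookup {host}"; '
            f'dns.query; content:"{host}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2(ASYNCRAT_C2)
    print("dns hits :", scan_dns(DNS_LOG, c2))
    print("conn hits:", scan_conn(CONN_LOG, c2))
    print("\n".join(suricata_dns_rules(c2)))
```

The DNS match is the reliable signal: both names are dynamic-DNS style hosts with no legitimate reason to appear in a corporate resolver log. Port 7707 is worth a pivot because it is an AsyncRAT builder default (alongside 6606 and 8808), but operators change it freely, so the port check is deliberately kept separate from the domain check rather than folded into one verdict.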
Targets

Target: Wezwanie Komornicze PDF.scr (a .scr screensaver is a Windows PE executable; the name imitates a PDF)
Size: 484KB
MD5: 63979e4d969c99f74486cc2fb4a1b368
SHA1: 76dffbc7c5a3992a46e7f56144db07cb3d652e56
SHA256: dc9501ac1cba2c957ed7e1a8d2922839fcc3d19c44ce70d959a22cbd2d0c6d84
SHA512: 59e492e920e030ae8a92c3c222d9e18a7c89b5f52ec5c7e1ed9131f6caf10ad1e567fea7747897a90cdb1ce1b1f094764fac08cbd2110c4ad9c489a87ccffff1

Signatures
suricata: ET MALWARE Observed Malicious SSL Cert (AsyncRAT Server)
Async RAT payload
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext (the usual final step of process hollowing / RunPE-style injection into a suspended process)
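The behavioral signatures above describe a dropper chain: a PE is downloaded and written to disk, executed, a DLL is loaded from the drop location, and a Run key is added. The extracted config has install set to false with install_folder %AppData%, so the Run key is likely written by the loader stage rather than by AsyncRAT's own installer, which is a reason to detect the persistence directly rather than rely on family-specific artefacts. The Python below is an added example written for this report, not the sandbox's own telemetry or code: it correlates constructed Sysmon-style events (EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent SetValue) and flags Run keys that point at a PE dropped under %AppData%. File names, the SID in the key path and the benign vendor entry are made up for illustration.

```python
"""Correlate host events for the dropper behaviours flagged above: a PE written under
%AppData%, executed from there, and a Run key pointing at it.

Added example for this report, not code from the sandbox. Event records are constructed
Sysmon-style dictionaries (EventID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent);
the file names and the SID in the key path are made up for illustration."""
import re

# %AppData% resolves under C:\Users\<user>\AppData\Roaming; Local is included as well
# because droppers use both. All matching is case-insensitive.
APPDATA_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local)\\", re.I)
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I)
PE_EXT = (".exe", ".dll", ".scr")


def norm(path):
    """Strip surrounding quotes and lower-case so the same path compares equal everywhere."""
    return path.strip().strip('"').lower()


def first_path(details):
    """Extract the executable from Run key data such as '"C:\\x\\y.exe" -arg' or 'C:\\x y.exe /q'.

    CreateProcess resolves an unquoted path by trying each space-delimited prefix; for
    matching we keep the longest prefix that ends in a PE extension, else the first token."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return norm(d[1:end] if end > 0 else d)
    low = d.lower()
    for ext in PE_EXT:
        i = low.rfind(ext)
        if i >= 0:
            return norm(d[: i + len(ext)])
    return norm(d.split(" ", 1)[0])


EVENTS = [  # constructed sample data, not the sandbox's own telemetry
    {"EventID": 11, "Image": r"C:\Users\victim\Desktop\Wezwanie Komornicze PDF.scr",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\update.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Desktop\Wezwanie Komornicze PDF.scr",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\update.exe",
     "ParentImage": r"C:\Users\victim\Desktop\Wezwanie Komornicze PDF.scr"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r'"C:\Users\victim\AppData\Roaming\update.exe"'},
    {"EventID": 13, "EventType": "SetValue",   # benign: vendor updater in Program Files
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "Details": r"C:\Program Files\Vendor\updater.exe /background"},
]


def correlate(events):
    """Return dropped PEs, executions from %AppData%, and Run keys pointing into %AppData%.

    Each 'persisted' entry is (key, target, full_chain): full_chain is True when the
    target was both written and executed in the same event stream, i.e. the whole
    drop -> execute -> persist sequence the sandbox reported."""
    dropped, executed, persisted = set(), set(), []
    for ev in events:
        if ev["EventID"] == 11:
            t = norm(ev["TargetFilename"])
            if APPDATA_RE.match(t) and t.endswith(PE_EXT):
                dropped.add(t)
        elif ev["EventID"] == 1:
            img = norm(ev["Image"])
            if APPDATA_RE.match(img):
                executed.add(img)
    # Second pass so a Run key written before its file event is still matched.
    for ev in events:
        if ev["EventID"] == 13 and ev.get("EventType") == "SetValue" \
                and RUN_KEY_RE.search(ev["TargetObject"]):
            target = first_path(ev["Details"])
            if target in dropped or APPDATA_RE.match(target):
                persisted.append((ev["TargetObject"], target,
                                  target in dropped and target in executed))
    return {"dropped": sorted(dropped), "executed": sorted(executed), "persisted": persisted}


if __name__ == "__main__":
    for k, v in correlate(EVENTS).items():
        print(k, v)
```

The Run key check alone fires on plenty of legitimate software, which is why the benign Program Files entry is in the sample: the useful alert is the conjunction, a Run key whose data resolves into %AppData% and whose target was written and executed by the same chain. SetThreadContext and the registry country-code lookup are not visible in Sysmon's default event set, so they remain sandbox-only signals here.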